Apigee Edge OPDK: JWT payload in JSON Object

Developer Dino,

I thank you for resolving the many issues in this community. I am facing an issue with the JWT program.

If we try to pass a parsed JSON object, the Java callout treats it as "[object Object]", which is a string, and if we stringify the JSON first, the embedded claims are in a stringified format.

Please take a look at the attached picture.

When you look at the claims data in the picture, after the data is decoded, we are getting it in a stringified format...

The policy configuration, that we are using for generation of the JWT is as follows:

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<JavaCallout name="JWT-Create-Access-HS256">
    <DisplayName>JWT-Create-Access-HS256</DisplayName>
    <Properties>
        <Property name="algorithm">HS256</Property>
        <Property name="secret-key">{verifyapikey.Verify-API-Key.key}</Property>
        <!-- standard claims -->
        <Property name="claim_claims">{jsonData}</Property>
        <Property name="claim_product">{apiproduct.name}</Property>
        <Property name="claim_userid">{authuser.userid}</Property>
        <Property name="claim_tokenType">Access_token</Property>
        <Property name="expiresIn">{verifyapikey.Verify-API-Key.Access_expiresIn}</Property>
        <!-- in seconds -->
        <!-- custom claims -->
    </Properties>
    <ClassName>com.apigee.callout.jwtsigned.JwtCreatorCallout</ClassName>
    <ResourceURL>java://apigee-edge-callout-jwt-signed-1.0.15.jar</ResourceURL>
</JavaCallout>

When we are sending JSONdata, the JWT is getting generated, but when we decode the generated JWT in JWT.io, it comes out in a stringified format.

Below is the example of claims data we have utilized. It is coming with strings. I mean it's coming with /'s. We are expecting JSON as output.

{
  "claims": "{ \"speakers\": [\n\t{ \"firstname\": \"Ray\",\n\t\t\"lastname\": \"Villalobos\",\n\t\t\"category\": \"Front End\",\n\t\t\"title\": \"Bootstrap & CSS Preprocessors\",\n\t\t\"image\": \"http://barcampdeland.org/images/speaker_rayvillalobos.jpg\",\n\t\t\"link\": \"http://iviewsource.com\",\n\t\t\"bio\": \"Ray Villalobos is a full-time author and teacher at lynda.com. He is author of the book, Exploring Multimedia for Designers. He has more than 20 years experience in developing and programming multimedia projects. Previously at Entravision Communications, he designed and developed a network of radio station and TV web sites. As a senior producer for Tribune Interactive, he was responsible for designing orlandosentinel.com and for creating immersive multimedia projects and Flash games for the site.\",\n\t\t\"description\": \"As responsive design continues to take over the web, front-end developers and designers have turned to preprocessors and layout systems that simplify their workflow. Lynda.com staff author Ray Villalobos will talk about using the Bootstrap framework from Twitter to scaffold and fast track your responsive design. He'll talk about how you can use CodeKit and LESS to put together designs in hours instead of days.\"\n\t}\n]}",
  "product": "mHint",
  "tokenType": "Access_token",
  "exp": 1524222993,
  "userid": "hihTesting2",
  "iat": 1524221193
}

It would be great if you can look into it.

Please let me know if you need any further details.

Thank you Dino

1 ACCEPTED SOLUTION

Yes. You need to use a special form of name for the claims object.

You have this:

 <Property name="claim_claims">{jsonData}</Property>

Instead you should use this:

 <Property name="claim_json_claims">{jsonData}</Property>

Unfortunately with the limited configurability of the Java callout, we rely on special names. Properties with names that begin with claim_ are injected as claims. Of those properties, if the name starts with claim_json_, then the value of the claim is parsed as JSON.

This is described in the README.

Also - upgrade to v1.0.16. It is slightly more resilient.

Let me know if this helps please.
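The naming rule from this answer, modelled as an added example (not part of the original post and not the callout's own code). The function names `buildClaims`, `signHS256` and `decodePayload`, the secret and the sample data are assumptions made for the illustration.

```javascript
// Added illustration of the claim_ / claim_json_ rule; this is not the callout's source.
// buildClaims, signHS256 and decodePayload are hypothetical names; sample data is constructed.
const crypto = require('crypto');

const b64url = (input) =>
  Buffer.from(input).toString('base64').replace(/=+$/, '').replace(/\+/g, '-').replace(/\//g, '_');

// claim_json_X values are parsed as JSON; any other claim_X value is kept as a string.
function buildClaims(properties) {
  const claims = {};
  for (const [name, value] of Object.entries(properties)) {
    if (name.startsWith('claim_json_')) {
      try {
        claims[name.slice('claim_json_'.length)] = JSON.parse(value);
      } catch (e) {
        // Fail closed on invalid JSON instead of issuing a token with a malformed claim.
        throw new Error(`property ${name} does not hold valid JSON: ${e.message}`);
      }
    } else if (name.startsWith('claim_')) {
      claims[name.slice('claim_'.length)] = String(value);
    }
  }
  return claims;
}

function signHS256(claims, secret) {
  const signingInput = `${b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }))}.${b64url(JSON.stringify(claims))}`;
  const sig = crypto.createHmac('sha256', secret).update(signingInput).digest();
  return `${signingInput}.${b64url(sig)}`;
}

// Decodes without verifying the signature: for inspecting claim types only.
function decodePayload(jwt) {
  return JSON.parse(Buffer.from(jwt.split('.')[1], 'base64').toString('utf8'));
}

// Constructed stand-in for the {jsonData} flow variable.
const speakers = { speakers: [{ firstname: 'Ray', category: 'Front End' }] };
const jsonData = JSON.stringify(speakers); // the variable must hold JSON text
const coerced = String(speakers);          // an object coerced to a string

const secret = 'constructed-secret';
const asString = decodePayload(signHS256(buildClaims({ claim_claims: jsonData }), secret));
const asJson = decodePayload(signHS256(buildClaims({ claim_json_claims: jsonData }), secret));

console.log(coerced);                // [object Object]
console.log(typeof asString.claims); // string
console.log(typeof asJson.claims);   // object
```

In this model, a variable that holds "[object Object]" fails the JSON parse under the claim_json_ name, so the variable still has to contain stringified JSON.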

6 REPLIES

Hi,

Which version of the JWT policy are you using?

Can you please show your policy configuration?

@Dino

We are not using the JWT policy. We are using a Java Callout implemented from iloveapis. We have tested JAR 1.0.15 that has been updated in the iloveapis JWT apigee signed callout.

But we are still having the issue: we are getting the data in a stringified format (as shown in the above picture). We are looking to get a JSON payload when we decrypt the JWT token.

@Dino. We request you, please reply to the query. It would be appreciated.

Hi Sharath. Can you post the policy configuration please?

Something like this should work, without causing "stringified format" for the claim:

  <JavaCallout name='JavaCallout-JWT-Create'>
    <DisplayName>JavaCallout-JWT-Create</DisplayName>
    <Properties>
      <Property name="algorithm">RS256</Property>

      <!-- pemfile + private-key-password used only for algorithm = RS256 -->
      <Property name="pemfile">private.pem</Property>
      <Property name="private-key-password">{private.pempassphrase}</Property>

      <!-- standard claims to embed -->
      <Property name="subject">{user_name}</Property>
      <Property name="issuer">http://apigee.net/{apiproxy.name}</Property>
      <Property name="audience">Optional-String-or-URI</Property>
      <Property name="expiresIn">86400</Property> <!-- in seconds -->
      <Property name="id"/>

      <!-- Property names that begin with claim_json_ are parsed as json -->
      <Property name="claim_json_account">{"allocations":[4,"seven",false],"verified":true,"id":1234}</Property>
      <Property name="claim_json_attributes">{variable_name_here}</Property>
    </Properties>

    <ClassName>com.apigee.callout.jwtsigned.JwtCreatorCallout</ClassName>
    <ResourceURL>java://apigee-edge-callout-jwt-signed-1.0.15.jar</ResourceURL>
  </JavaCallout>

While testing this, I found a few edge cases where parse errors on invalid JSON wouldn't be caught properly. In my tests that led to a ClassCastException.

I was not able to reproduce the behavior you reported, with the stringified JSON.

I re-worked the code to handle the parse errors. Please git pull, get the latest jar (1.0.16) and try again.

ALSO, if you continue to have problems POST YOUR POLICY CONFIGURATION PLEASE. I cannot diagnose your problem if I cannot see your relevant code + configuration.

Hi Dino,

The policy configuration, that we are using for generation of the JWT is as follows:

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<JavaCallout name="JWT-Create-Access-HS256">
    <DisplayName>JWT-Create-Access-HS256</DisplayName>
    <Properties>
        <Property name="algorithm">HS256</Property>
        <Property name="secret-key">{verifyapikey.Verify-API-Key.key}</Property>
        <!-- standard claims -->
        <Property name="claim_claims">{jsonData}</Property>
        <Property name="claim_product">{apiproduct.name}</Property>
        <Property name="claim_userid">{authuser.userid}</Property>
        <Property name="claim_tokenType">Access_token</Property>
        <Property name="expiresIn">{verifyapikey.Verify-API-Key.Access_expiresIn}</Property>
        <!-- in seconds -->
        <!-- custom claims -->
    </Properties>
    <ClassName>com.apigee.callout.jwtsigned.JwtCreatorCallout</ClassName>
    <ResourceURL>java://apigee-edge-callout-jwt-signed-1.0.15.jar</ResourceURL>
</JavaCallout>

When we are sending JSONdata, the JWT is getting generated, but when we decode the generated JWT in JWT.io, it comes out in a stringified format.

Below is the example of claims data we have utilized. It is coming with strings. I mean it's coming with /'s. We are expecting JSON as output.

{
  "claims": "{ \"speakers\": [\n\t{ \"firstname\": \"Ray\",\n\t\t\"lastname\": \"Villalobos\",\n\t\t\"category\": \"Front End\",\n\t\t\"title\": \"Bootstrap & CSS Preprocessors\",\n\t\t\"image\": \"http://barcampdeland.org/images/speaker_rayvillalobos.jpg\",\n\t\t\"link\": \"http://iviewsource.com\",\n\t\t\"bio\": \"Ray Villalobos is a full-time author and teacher at lynda.com. He is author of the book, Exploring Multimedia for Designers. He has more than 20 years experience in developing and programming multimedia projects. Previously at Entravision Communications, he designed and developed a network of radio station and TV web sites. As a senior producer for Tribune Interactive, he was responsible for designing orlandosentinel.com and for creating immersive multimedia projects and Flash games for the site.\",\n\t\t\"description\": \"As responsive design continues to take over the web, front-end developers and designers have turned to preprocessors and layout systems that simplify their workflow. Lynda.com staff author Ray Villalobos will talk about using the Bootstrap framework from Twitter to scaffold and fast track your responsive design. He'll talk about how you can use CodeKit and LESS to put together designs in hours instead of days.\"\n\t}\n]}",
  "product": "mHint",
  "tokenType": "Access_token",
  "exp": 1524222993,
  "userid": "hihTesting2",
  "iat": 1524221193
}

It would be great if you can look into it. Thanks.
